Information security and data protection requirements introduced for public procurements

The life cycle of an IT system or device begins when its purchase is planned. Information security and data protection issues should be managed from the outset. This ensures efficient risk management and helps control the costs while the product is in use. The project “Kyber-terveys” focused on cyber security in healthcare and developed a list of information security and data protection requirements for public procurements in the social and healthcare sector. However, most of the criteria can be used in other sectors, too. The list has already been used in the North Ostrobothnia hospital district with very positive results.